On 05/10/10 16:25, Mike Edenfield wrote:
> On 10/4/2010 10:50 AM, Tom Hendrikx wrote:
>
>> This means that I will have only the changes triggered by the profile
>> change later on. Are there particular issues that I need to take care
>> of? And how to deal with the gcc change? I remember that there was some
>> kind of 'vanilla to hardened' guide, but google is failing me (I did
>> find some forum threads)...
>
> The closest thing to an "official" guide is the PaX quickstart:
>
> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml

This does not document anything regarding how to convert a vanilla
install to hardened.

> but the basic idea is just to do this:
>
> # eselect profile set <whatever>
> # emerge -1av binutils gcc glibc
> # emerge -e world

In the end, I did:

emerge --sync
nano /etc/make.conf # edit USE flags
emerge -uDN world
emerge --depclean
revdep-rebuild
eselect profile set hardened/linux/amd64/10.0
# from here on, I mostly followed gcc upgrade guide
emerge -1 gcc # goes in new slot
gcc-config x86_64-pc-linux-gnu-4.3.4
emerge -1 libtool
emerge -eav system
emerge -eav world
emerge -Cav <old gcc>

This was successful. During the install, it dawned on me that portage
wants to remove the oldest (i.e. lowest version number) of gcc when more
than 1 slot is available. Because the profile change triggered a gcc
downgrade, I removed the hardened gcc that I had freshly built (the one
with the lower version) instead of the vanilla gcc, without switching
the system gcc. Because of other changes, gcc-config was also broken.
After that, disaster came upon me ;)

Lessons learned: double check versions when removing something.

> As for the gcc downgrade, that shouldn't be happening. I'm using the
> normal hardened profile:
>
> hardened/linux/amd64/10.0
>
> and it's giving me gcc-4.4.4-r2 and glibc-2.12.1-r1. Make sure you have
> the right profile selected and that they're up to date. (hardened gcc
> used to lag behind stock gcc but I thought that was all done with now.)

Just synced, and tested, but both of these packages are arch masked in
hardened amd64 profile, and actually both of them are arch masked
according to packages.gentoo.org. You're running ~arch.

Stable amd64 has gcc-4.4.3-r2, but this version is masked in
/usr/portage/profiles/hardened/package.mask. This triggers the
downgrade, but as said, that should not be destructive when you are
careful.

Anyway, thanks for the heads up :)

--
Regards,
	Tom
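The version check the message recommends before `emerge -C`, written as a guard. This is an added example, not part of the original e-mail or of Portage; the function names `gcc_version_of` and `safe_to_unmerge` are hypothetical, and the atom `sys-devel/gcc-4.4.3-r2` is assumed from the versions quoted in the thread.

```shell
#!/bin/sh
# Added example: refuse to unmerge a gcc slot unless the hardened compiler
# that must survive is already the active one.

# Extract the dotted version from a gcc-config profile name or package atom:
#   x86_64-pc-linux-gnu-4.3.4 -> 4.3.4     sys-devel/gcc-4.4.3-r2 -> 4.4.3
gcc_version_of() {
    printf '%s\n' "$1" |
        sed -n 's/.*-\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,\}\).*/\1/p'
}

# $1 = active profile (as printed by `gcc-config -c`)
# $2 = atom about to be removed
# $3 = gcc version that must stay installed (the freshly built hardened one)
# Returns 0 if removal is safe, 1 if it must be refused, 2 on unparsable input.
safe_to_unmerge() {
    active=$(gcc_version_of "$1")
    candidate=$(gcc_version_of "$2")
    keep=$3
    if [ -z "$active" ] || [ -z "$candidate" ] || [ -z "$keep" ]; then
        echo "cannot determine versions; refusing" >&2
        return 2
    fi
    if [ "$candidate" = "$keep" ]; then
        echo "refusing: $2 is the compiler you meant to keep ($keep)" >&2
        return 1
    fi
    if [ "$candidate" = "$active" ]; then
        echo "refusing: $2 is the active compiler; switch with gcc-config first" >&2
        return 1
    fi
    if [ "$active" != "$keep" ]; then
        echo "refusing: active gcc is $active, expected $keep" >&2
        return 1
    fi
    return 0
}

# Usage on a live system (not executed here):
#   safe_to_unmerge "$(gcc-config -c)" sys-devel/gcc-4.4.3-r2 4.3.4 \
#       && emerge -Cav =sys-devel/gcc-4.4.3-r2
```

Because Portage prefers to drop the lowest-versioned slot, the guard compares against the version to keep rather than assuming the older compiler is the disposable one.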